The CV and data can be seen when a certain url is entered for the domain. As the site was designed using opensource software ( Wordpress), and with a bit of knowledge that anyone familiar with WordPress, it was possible to see this data.

I was only able to see the data out of curiosity as I was doing some research for a client of mine who also operates a recruitment agency and I was interested in the source for the web-site and in particular the wordpress plug used.

I am surprised that the web-designers / developers did not set the security of this site. Other sites made by the same company using WordPress seem to be secure.

My own site and a few others I have created were also tested and these are secure.